<?php
session_start();
include '../comm/config.php';
include '../comm/checkpostandget.php';
include 'check.php';

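// Read the submitted profile fields. A field that is missing, or that arrives
// as an array (e.g. "email[]=x"), is normalised to an empty string so that no
// undefined-index notice is raised and no non-string value reaches md5() or
// the SQL text built further down.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$oldpwd = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
$pwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$zfb = (isset($_POST['zfb']) && is_string($_POST['zfb'])) ? $_POST['zfb'] : '';
$tbusername = (isset($_POST['tbusername']) && is_string($_POST['tbusername'])) ? $_POST['tbusername'] : '';
$mobile = (isset($_POST['mobile']) && is_string($_POST['mobile'])) ? $_POST['mobile'] : '';
$qq = (isset($_POST['qq']) && is_string($_POST['qq'])) ? $_POST['qq'] : '';

// An e-mail address is mandatory; without one, send the browser to error page 9.
if ($email === '') {
	echo "<script language=javascript>window.location='error.php?id=9';</script>";
	exit;
}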

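// Apply the submitted profile changes to the logged-in user's row.
//
// Flow: connect, optionally push the password/e-mail change through the
// UCenter client when UC == 1, verify the old password against the local
// table, then write the new values with a single UPDATE.
//
// NOTE(review): the mysql_* extension used here is deprecated since PHP 5.5
// and removed in PHP 7; moving to mysqli/PDO prepared statements is the proper
// long-term fix. Until then every request value is escaped before it is placed
// in SQL text.
$link = mysql_connect($dbserver, $dbuser, $dbpass);
if (!$link) {
	die(ERR_DB);
} else {
	mysql_select_db($dbname);
	// NOTE(review): "set names" changes the server-side charset but does not tell
	// the client library, which mysql_real_escape_string() relies on;
	// mysql_set_charset() does both. Confirm before switching.
	mysql_query("set names utf8");
	if (UC == 1) {
		include '../data/config.inc.php';
		include '../uc_client/client.php';

		$uc_name = iconv("utf-8", "utf-8", $_SESSION["ddusername"]);
		$ucresult = uc_user_edit($uc_name, $oldpwd, $pwd, $email);

		// Negative results are mapped to error pages; the meanings below are
		// taken from the original inline comments.
		if ($ucresult == -1) {
			echo "<script language=javascript>window.location='error.php?id=24';</script>"; // password is incorrect
			exit;
		}
		elseif ($ucresult == -4) {
			echo "<script language=javascript>window.location='error.php?id=25';</script>"; // e-mail format is invalid
			exit;
		}
		elseif ($ucresult == -5) {
			echo "<script language=javascript>window.location='error.php?id=26';</script>"; // e-mail is not allowed to register
			exit;
		}
		elseif ($ucresult == -6) {
			echo "<script language=javascript>window.location='error.php?id=27';</script>"; // e-mail is already registered
			exit;
		}
	}

	// The row id comes from the session; casting to int guarantees that only a
	// number can ever appear in the WHERE clauses below.
	$userid = (int) $_SESSION["dduserid"];

	$sql = "select `ddpassword` from " . $BIAOTOU . "user where Id=" . $userid;
	$query = mysql_query($sql);
	// A failed query or a missing row is treated like a wrong password.
	$row = $query ? mysql_fetch_array($query) : false;

	// Strict comparison: with a loose != two different hex digests that both
	// look like "0e<digits>" compare equal as numbers, which would accept a
	// wrong old password.
	// NOTE(review): unsalted md5 is not a suitable password hash. It is kept
	// because the stored values are md5 digests; a migration to
	// password_hash()/password_verify() should be planned.
	if (!$row || $row['ddpassword'] !== md5($oldpwd)) {
		echo "<script language=javascript>window.location='error.php?id=24';</script>";
		exit;
	}
	// NOTE(review): the SELECT above fetches only `ddpassword`, so $row['email']
	// is never set and this branch cannot trigger. Left unchanged because it is
	// unclear whether an unchanged e-mail is really meant to be rejected; confirm
	// the intent, then either select `email` too or drop the check.
	if ($row['email'] == $email) {
		echo "<script language=javascript>window.location='error.php?id=27';</script>";
		exit;
	}

	// Escape every request value that ends up inside a quoted SQL string.
	// NOTE(review): if '../comm/checkpostandget.php' already adds slashes to
	// $_POST, this would escape twice; confirm what that include does.
	$emailSql = mysql_real_escape_string($email, $link);
	$mobileSql = mysql_real_escape_string($mobile, $link);
	$qqSql = mysql_real_escape_string($qq, $link);

	// Optional columns are only written when a value was submitted. Start from
	// an empty string so the concatenations below never read an undefined variable.
	$subsql = '';
	if ($zfb != NULL) {
		$subsql = "zfb='" . mysql_real_escape_string($zfb, $link) . "',";
	}
	if ($tbusername != NULL) {
		$subsql = $subsql . "tbusername='" . mysql_real_escape_string($tbusername, $link) . "',";
	}
	if ($pwd != '') {
		// md5() output is hexadecimal only, so it needs no escaping.
		$subsql = $subsql . "ddpassword='" . md5($pwd) . "',";
	}

	$q = "update " . $BIAOTOU . "user set " . $subsql . " mobile='" . $mobileSql . "',qq='" . $qqSql . "',email='" . $emailSql . "' where Id=" . $userid;
	// Do not report success when the write failed.
	if (!mysql_query($q)) {
		die(ERR_DB);
	}

	echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /><script language=javascript>alert('提示：账户设置成功！');window.location='info.php';</script>";
}
mysql_close($link);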
?>